Title :
Network Security Evaluation Algorithm Based on Access Level Vectors
Author :
Li, Kai ; Gu, Naijie ; Bi, Kun ; Ji, Hongzhu
Author_Institution :
Dept. of Comput. Sci. & Technol., Univ. of Sci. & Technol. of China, Hefei
Abstract :
The attack graph, a typical model-based method, is widely used in the field of network security evaluation. The biggest disadvantage of attack graph method is its exponential growth of the state space. This paper presents an efficient algorithm based on the malefactorpsilas access level vector in every host of the network to generate a reduced attack graph in polynomial compute complexity. In this algorithm, the state space is reduced to O(nm), where n is the number of nodes and m is the whole number of vulnerabilities in the network. We also present a standard method to generate attack templates from the vulnerabilities.
Keywords :
computational complexity; computer networks; graph theory; telecommunication security; access level vector; attack graph method; attack template; network security evaluation algorithm; polynomial computational complexity; state space reduction; Communication system security; Communication system software; Computer networks; Computer security; Costs; Data security; Information security; Polynomials; State-space methods; Synthetic aperture sonar; Network security evaluation; access level vector; attack graph; attack template.;
Conference_Titel :
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location :
Hunan
Print_ISBN :
978-0-7695-3398-8
Electronic_ISBN :
978-0-7695-3398-8
DOI :
10.1109/ICYCS.2008.333
